OpenSearch-Dashboards

OpenSearch-Dashboards copied to clipboard

Define custom color inside all visualizations

8

**Is your feature request related to a problem? Please describe.** Actually, it is not possible to set a custom color in a visualization type other than TSVB. The problem is...

inf17101

**Describe the bug** On multinode cluster Dashboards fails when one of the nodes is down. Steps to reproduce: Deploy 3 nodes Opensearch cluster with security plugin enabled, tenants used. Dashboards...

piotrlg

[RFC] Clarifying Semantic Versioning for OpenSearch Dashboards

8

## Summary This RFC proposes a refined Semantic Versioning (SemVer) policy for OpenSearch Dashboards. It explicitly separates internal npm dependencies from the semver public contract, reduces the likelihood that internal...

ashwin-pc

CVE-2021-33623 (High) detected in trim-newlines-1.0.0.tgz

1

## CVE-2021-33623 - High Severity Vulnerability Vulnerable Library - trim-newlines-1.0.0.tgz Trim newlines from the start and/or end of a string Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz Path to dependency file: /package.json Path...

mend-for-github-com[bot]

[BUG] CVE-2025-27789 for babel in v2.19.1

1

Seeing dependencies on versions of babel and friends that are subject to CVE-2025-27789. I see this on the 2.19.1 tag as well as the 2.x branch. Have re-generated yarn.lock to...

hasselg

[BUG] CVE-2025-25977 in 2.19.1 Docker image

1

Having trouble tracking the source of this down, but the Docker image published for OpenSearch-Dashboards 2.19.1 (image hash b1e6c5ac2b44) contains version canvg-3.0.10 inside of the plugins/reportsDashboard directory, which is the...

hasselg

[BUG] CVE-2024-53382 in PrismJS 1.27.0 (OpenSearch Dashboards)

5

Opensearch Dashboards looks to be using PrismJS 1.27.0, which is vulnerable to CVE-2024-53382. Versions >= 1.30.0 of PrismJS should not be vulnerable. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53382 Ref: https://github.com/PrismJS/prism/issues/3864

hasselg

[BUG] CVE-2022-49043 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

8

**Describe the bug** Trivy security scanning flagged libxml2 due to this CVE: [CVE-2022-49043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043) **To Reproduce** ``` docker run -it --entrypoint=/bin/bash opensearchproject/opensearch-dashboards:2.19.0 ls /usr/lib64 | grep libxml ``` observe the output:...

maxlepikhin

CVE-2024-11831 (Medium) detected in serialize-javascript-4.0.0.tgz, serialize-javascript-5.0.1.tgz

1

## CVE-2024-11831 - Medium Severity Vulnerability Vulnerable Libraries - serialize-javascript-4.0.0.tgz, serialize-javascript-5.0.1.tgz serialize-javascript-4.0.0.tgz Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-4.0.0.tgz Path...

mend-for-github-com[bot]

CVE-2024-4067 still exists in micromatch 4.0.7

1

## Description In this pull request the micromatch package was upgraded to 4.0.7 (latest to date) with the intention to fix CVE-2024-4067, but it turns out micromatch fixed this CVE...

asteriscos